The Estonia Cyberwar

...the attacker convicted today isn't a member of the Russian military, nor is he an embittered cyber warrior in Putin's secret service. He doesn't even live in Russia. He's an [20-year-old] ethnic Russian who lives in Estonia, who was pissed off over that whole statue thing.

The court fined him 17,500 kroons, or $1,620 dollars, and sent him on his way.

As much as I know you hate "movie plot" threat scenarios, I would like to point out that cyber (or classic) terrorists attacking one nation-state under the guise of another nation-state either to provoke a larger incident or simply cover their own tracks has been the subject of numerous television and movie plots.

Bruce, the "hype" was all very real here in Estonia last spring. Many important websites, like the Ministry of Foreign Affairs and most-read newspapers were inaccessible, and their access from outside Estonia was cut off temporarily because of that.

This local Estonian youngster is responsible for one attack against the government's website. He admitted his part. He has been convicted and fined. I think that this is very much what he deserved.

But how does it prove that the other attacks were a hype? I am sure the Estonian CERT has logs that prove very much otherwise. My personal experience trying to access Estonian websites that time proves otherwise. Unfortunately, those criminals are yet out of reach for Estonian police. That they are not identified does not serve as proof that they do not exist.

I've been following these blog posts about "capturing the mastermind behind the Estonian 04/07 attacks" for a few days now, and it is clear that the actual news has been "lost in translation" a while back.

This lad did not mastermind anything, and it is safe to assume that he did not single-handedly organize a wide scale DDoS attack against the Estonian infrastructure.

Most likely this is one of the many youngsters that took part in the "cyber riots" that took place at the time of the DDoS attacks and the rioting on the streets. I think this guy was actually charged with attempting to pingflood a party website :) For his part in the "riots" (the riots mainly consisting of threats on the forums, basic attacks using ready-made tools, simple defacements etc.) he got a slap on the wrist and a reasonably small fine.

So, this was not "the attacker" behind the 04/07 events in Estonia, this was "a kiddie" behind a marginal effort.

You misunderstand my point. It is simply that if this guy's actions were so trivial why did he even bother in the first place? Like watering the lawn during a rainstorm.

It seems reasonable to assume that since he was caught attacking one website during the big event, he was probably responsible for attacks on a lot more than just one website - the authorities just couldn't prove it.

They really should hire him rather than fire him. It is a big problem with all ex-USSR states - governments don't understand the value of professionals. They prefer cheap labor to qualified labor. And many businesses too.

I don't think we should dismiss this as unimportant for several reasons.

First there is a real fear in diplomatic circles that an incident of this type could cause a crisis to escalate. This happened in 2001 when there was a minor incident between the US and China. Hacker groups on both sides took potshots using modified versions of Code Red.

Second the Russian government has been busy with all manner of lawless activities of late. Murder of spies with plutonium laced teapots, denial of service attacks against sites critical of the Putin regime, including the London Telegraph.

Third, the fact that it is possible to take out other sites using an attack that has been documented for ten years kinda points to the fact that we have not been taking Internet security a tenth as seriously as we claim.

No, I am not suggesting there was an organized body or a "mastermind" behind the attacks.

My opinion is that the 04/07 attacks were mostly emotional, spontaneous acts conducted by individuals and loosely tied groups of people. There might have been "professionals" involved at some level, but we will never know.

Most likely there were hundreds if not thousands of guys like this kid, acting out not because of an "order" given to them, but because they felt they had to react to the political situation and got their motive when Estonia moved a WW II memorial.

Some more comments from neighbors. What happened cannot be called a hype. I don't think that network isolation is a hype. For example, I remember some problems with wire transfers in neighboring Latvia, and I think it was because some of the banks host their servers in Estonia. And I hardly believe that this attack was organized within Estonia, so prosecuting is harder and they are prosecuting everybody who participated in and/or organized this attack within their jurisdiction (using what they can prove). I think most of these "attackers" were quite young and quite fast and they got the idea from message boards and they acted without thinking a lot about possible consequences (and it worked).

About this one case - this is only the first (Latvian media reports that others will follow) so this should be the reason for the escalated media attention, AFAIR there are other trials already in process/to begin.

@Mike B
It's called "false flag" operations, and has been carried out by several countries many times in our history. The US has done so frequently (some of the most "famous" ones include the Spanish-American war, Pearl Harbor, the US-invasion of Iraq, etc.)

Estonians provoked DDoS themselves simply by massively going to delfi and other pages. People who usually do not read news on the net rushed there all together, so even when everybody from abroad was blocked, all these pages were still down.

Reading the comments on the Wired article indicates that the truth is likely not as black and white as the author indicated. The comments suggest that one hacker was caught, tried, and convicted, not that the whole "cyberwar" thing was due to that person. Your blurb in your newsletter implicitly agrees with Wired's position. IMO, Wired's position is at worst biased and at least incomplete. While I agree that people shouldn't be screaming electronic Pearl Harbor every time two unwanted packets show up from a foreign source, I think you dismiss too readily everything that went down in Estonia. While I'm not screaming conspiracy, I don't write it off to simple script-kiddying either.